On 9/28/14 3:33 PM, Yaron Sheffer wrote:
On 09/28/2014 10:18 PM, Aaron Zauner wrote:
* Leif Johansson <[email protected]> [140928 20:52]:
You mean "explain what CVE numbers are" rather than "explain those CVE
numbers" right?
Yes.
Is it really necessary to explain what a CVE assignment is in a
document that explicitly deals with security?
As I said, all of the work in this group is likely to be read by
non-security folks, so I think it's useful.
If so maybe refrain
from writing another paragraph and just refer to a document like
this one: https://cve.mitre.org/cve/identifiers/
It's easier to add the text than to discuss whether it's needed... See
http://tools.ietf.org/html/draft-ietf-uta-tls-attacks-04#section-2
Well done.
By the way, I was surprised that the term "CVE" does not appear in the
Security Glossary (RFC 4949).
Yes, interesting.
On 9/29/14 3:25 AM, Orit Levin (LCA) wrote:
Leif and I talked and we suggest to Last Call it now.
Wilco.
pr
--
Pete Resnick <http://www.qualcomm.com/~presnick/>
Qualcomm Technologies, Inc. - +1 (858)651-4478
_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta